<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'JSTL.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  
  <body>
    This is my JSP page. <br>
    <c:out value="hello"></c:out>
    <%
    	//<script src="http://www.xxxm.sj/sssss.js"></script>
    	String str="<script>while(1)alert(1);</script>";
    	request.setAttribute("st", str);
     %>
     <%-- XSS攻击 --%>
     <%-- ${st} --%>
     <c:out value="${st}" escapeXml="true"></c:out>
     <hr/>
     <c:set var="name" value="尼古拉斯凯奇" scope="request"></c:set>
     <%--request.setAttribute("name","尼古拉斯凯奇"); --%>
     ${name}<br/>
     <%=request.getAttribute("name") %>
     <hr size="40" noshade="noshade"/>
     <c:set var="s" value="${param.age}"></c:set>
     <h1>
     <c:if test="${s>80}">高寿</c:if>
     <c:if test="${s>60 && s<=80}">老年人</c:if>
     <c:if test="${s>20 && s<=60}">青年</c:if>
     <c:if test="${s<=20}">少年</c:if>
     </h1>
  </body>
</html>
